Foundry Samples
Start with our Foundry Quickstart to get up and running quickly, explore our Featured Foundry Samples to see what’s possible, then dive into the full collection of Foundry Samples on GitHub to find exactly what you need for your use case.
Foundry Quickstart
Ready to build your first Foundry app? Start with our step-by-step tutorial that walks you through the complete development workflow - from CLI setup to app deployment.
🚀 Start Building
Follow our comprehensive tutorial that includes Foundry CLI setup, app deployment, and platform integration patterns. The guide includes a complete sample application that you can clone and deploy.
Featured Foundry Samples

Rapid response
Leverages RTR scripts, Fusion SOAR, and UI extensions to patch, upload, or remove files from hosts

Triage with MITRE ATTACK
Provides a focused, MITRE-prioritized view of XDR detections

Scalable RTR
Orchestrates the verification of files and registry keys across Windows systems by targeting specific hosts
Foundry Samples on GitHub
AI-powered security analysis toolkit that leverages Charlotte AI to provide expert-level threat intelligence, automatic indicator extraction, and comprehensive security assessments
A complete reference implementation demonstrating Falcon Foundry collections best practices, including schema design, CRUD operations, checkpointing patterns, and UI integration. Perfect for developers learning collections or building production security workflows.
Leverage Charlotte AI to provide translation of detection alerts. This application allows security teams to access AI-powered translations of detection data for improved clarity while adding customized context to any detection for better team communication. The solution streamlines investigation workflows with enriched detection information and maintains comprehensive documentation of security events, enabling more effective security operations and enhanced team collaboration.
Production-ready Python function examples - FalconPy SDK, API integrations, Collections, workflows, and UI extensions with comprehensive testing
Enhanced monitoring for employees who are leaving an organization and may pose a high insider-threat risk to sensitive data. Employee data is synced with Workday.
Automatically downloads data from Open Source Threat Intel Providers, converts them to CSV files, and uploads them as lookup files to Next-Gen SIEM
Provides seamless integration with OpenRouter's unified API to access multiple AI model providers (OpenAI, Anthropic, Meta, Google) for advanced threat analysis and security research
Synchronize ServiceNow Configuration Management Database (CMDB) configuration rules with Identity Protection Policies
The Threat Intelligence Detections Enrichment app is a no-code sample application built on CrowdStrike's Foundry platform. It demonstrates how developers can enhance Falcon's endpoint detection capabilities by integrating additional threat intelligence data directly into the user interface.